<?php
session_start();
?>
<html>
    <head>
        <title></title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <link type="text/css" href="../bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
        <script type="text/javascript" src="../bootstrap/js/bootstrap.min.js"></script>
    </head>
    <body>
        <?php
        include '../connectdb.php';
        if (isset($_POST['btnAdminLogout'])) {
            session_destroy();
            echo '<script langquage="javascript">window.location="index.php";</script>';
        } else if (isset($_POST['adminuser']) && isset($_POST['adminpassword'])) {
            $q = "select * from admin where admin_user ='" . $_POST['adminuser'] . "' and admin_password ='" . $_POST['adminpassword'] . "'";
            $result = mysqli_query($link, $q);
            $row = mysqli_fetch_array($result);
            if (mysqli_num_rows($result) == 0) {
                echo '<script langquage="javascript">alert("user หรือ password ไม่ถูกต้อง");</script>';
                echo '<script langquage="javascript">window.location="index.php";</script>';
                exit;
            } else {
                $_SESSION['admin_id'] = $row['admin_id'];
                $_SESSION["adminuser"] = $row['admin_user'];
                $_SESSION["lv"] = $row['lv'];

                $arrPermission = array();

                $q2 = "select * from admin_permission where admin_id=" . $_SESSION['admin_id'];
                $result2 = mysqli_query($link, $q2);
                while ($rows = mysqli_fetch_array($result2)) {
                    array_push($arrPermission, $rows['h_id']);
                }
                $_SESSION['permission'] = $arrPermission;
                echo '<script langquage="javascript">window.location="main.php";</script>';
            }
        }
        if (!empty($_SESSION['adminuser'])) {

            echo '<script langquage="javascript">window.location="main.php";</script>';
        } else {
            ?>
            <form name="frmAdminLogin" method="post" action="index.php">    
                <table>
                    <tr>
                        <td colspan="2"><h3>Homestay - Administrator</h3></td>
                    </tr>
                    <tr>
                        <td>Username&nbsp;:</td>
                        <td><input type="text" name="adminuser" id="adminuser"></td>
                    </tr>
                    <tr>
                        <td>Password&nbsp;:</td>
                        <td><input type="password" name="adminpassword" id="adminpassword"></td>
                    </tr>
                    <tr>
                        <td>&nbsp;</td>
                        <td><input type="submit" name="btnAdminLogin" id="btnAdminLogin" value="Login" class="btn btn-inverse"></td>
                    </tr>
                </table>
            </form>
        </body>
    </html>
    <?php
}
mysqli_close($link);
?>